Figure 1 

101 



123 



124 



125 



Keyboard 




Monitor 



Hard Disk 



Optica! drive 



I/O 



I 



Microprocessor 



I 



Memory 



o DO00 



112 



114 





Figure 2 



114 




BIOS 



Kernel 



Operating System 



I/O Routines 
Network Routines 



221 



Authorization Program 



Software Program 



Software 
Product 
220 



Figure 3 



300 



301 



It! 



ftp 



302 



303 



304 



305 



Does valid license exist? 



Yes 



No 



Authorizing program generates a 
license request 



Transmit license request to 
license server 



Generate license in response to 
license request 



Transmit license to authorizing 
program 



Authorize software product use 
based on license terms in license 
file 



Figure 4 




Version 



Serial Number 



Signature 



Issuer 



Validity 



Subject 



Subject Public Key Info 



Issuer Unique ID 



Subject Unique ID 



Extensions 



Figure 5 



214 



501 



Authorization Program 
Code 



502 
504 
506 



Publishers Certificate 



Product Certificate 



Certificate Authority Certificate 



Product Private Key 



Product ID 



Publisher ID 



503 
505 
507 



Figure 6 



301 



601 



602 



Request user information and 
license options 



Extract system information and 
fingerprint, product info 



603 


Generate signed XML license 
request file 








r 


604 n^/""* 


Provide user options for 
transmitting license request 












r 



to step 302 



Figure 7 



XML 700 



Signature 701 



Signedlnfo 711 



SignatureValue 712 



Keylnfo713 
KeyValue 721 



X509Data 722 



DsigObject 714 
Envelope 723 



Header 731 




Action Type="request" 741 






Date 742 







Body 732 

Body Type="PurchaseRequest" 743 

CertificateSignRequest 751 

Participant Type="User" 752 

Customerlnfo 753 

! Billing, Shipping, Platform, 
; MachineBindings, Paymentlnfo 
761 



ProductInfo 754 



ProductID, Name, Version, 
Description, Quantity, Price 762 


; 

I 
i 


Authorization 763 




Challenge, iLoklnfo 771 







Figure 8 



From step 302 



303 

I 

Receive license request in 
financial transaction context 




3*4; 


802 


Validate license request 


15 








0* 
■I. 

4* 


803 v^/^* 


Extract information from request 






1 





804 



Generate appropriate license 
terms 



805 



Generate signed XML license file 



to step 304 



Figure 9 



XML 900 



Signature 701 



Signedlnfo 711 



SignatureValue 712 



Keylnfo713 



KeyValue 721 



X509Data 722 



DsigObject 714 
Envelope 723 



Header 731 




Action Type- 'Response" 941 






Date 742 







Body 732 

Body Type="PurchaseResponse" 943 



Certificate 951 


Participant Type="User" 752 




Customerlnfo 753 


! Billing, Shipping, Platform, 
! MachineBindings, Paymentlnfo 

: 761 










ProductInfo 754 




ProductID, Name, Version, 
Description, Quantity, Price 762 








Authorization 763 
Response, iLoklnfo 971 ! 






PurchaseURL, Authorization URL, 
Fontlnfo, ProtectionOptions, 
LicenseTerms 964 









Figure 10 



From step 304 or 300 



Verify publisher's certificate using 
CA certificate 



Validate document signature 
using publisher's public key 



I 

Validate document message 
digest 



Validate product ID 
and publisher ID 



Use License Terms to control 
software use 



Figure 11 



1101 



1102 



1103 



hi 
% 



1104 



1105 



1106 



Establish certificate authority 



Generate master publisher 
certificate 



Acquire or create license 
management toolset 



Generate unique public/private 
keyset and certificates for toolset 
license requests 



Generate toolse 
certificates ar 
prog 


t with embedded 
id authorizing 
ram 







Store certificates in back-end 
server for handling license 
requests and generating licenses 



Figure 12 



" -3*8% 



^1 



III 

tti 



IzUI 


UCvCIU|JCI ICtUI IOI ICO lUUIOwl 


Valid 
License 






^ No Valid License 




1909 v 


Tnol nonorcit^c iininiiP niihiir*/ 
l uui yci lei cilco ui iiLjuc puuiiu/ 

nrix/atp kpv^et for dpvsloner 
certificate request 






1 




IZUO X / 


L,IOc?l lot? it^L|Ut?oi lo yci iciaicu i\j 

hark-pnd ^prvsr includina a 

developer certificate request 










1204 v^X"* 


1 irpncp inch iHinn Hp\/plnnpr 

certificate is received from back- 
end server 






i 




1205 


Validate toolset license 


M 








Invalid * 



1206 



1207 



1208 



1209 



| Valid License 


License 


Developer selects configuration 




or creates a new configuration 


Existing 
Configuration 


j New Configuration 




Tool generates unique keyset for 
signing license requests for this 
product 








Generate software product with 


M 


authorizing program 





I 



Store certificates in back-end 
developer server 



Figure 13 



Certificate 
Authority 
1301 



Toolset Publisher 1302 



Toolset 1314 
w/authorization 
program 214 



Toolset 
Authorization 
Program 1310 




Toolset 
Product 
Info 1311 









Certificates 
and Keys 
1312 



I 



License- 
Managed Toolset 
Product 1320 



Software Publisher 1303 



Toolset 
License 
Server 102a 



To Developer/Publisher 



License- 
Managed Toolset 
Product 1320 



Software 
Product 
215 



License & 
Certificate 
Req/Resp 
1322 



Configuration and 
Product Keyset 
1313 



License-Managed 
Software Product 
220 



User 1304 



I 



Publisher 
License 
Server 102b 



To End User 



License-Managed 
Software Product 
220 



T 



License 

Req/Resp 

1331 



Certificate 
Req/Resp 
1321 



Use Software Product 
Under License Terms 



